Extracted

• • Target

    c67942995f9f76a2fe57c85f27435aa0_JaffaCakes118

  • Size

    856KB

  • MD5

    c67942995f9f76a2fe57c85f27435aa0

  • SHA1

    7c447663a9e841f47cba60e29164accedd82e4e8

  • SHA256

    44af2a0a5fe2bbc9da82eb8836213ef51297cbf439ac9afd244f9513539b2f53

  • SHA512

    8071049978a65e0ff2eb1375a0e445ba9a4656814a670574b795171829c0d2e5d7543f9480275032d2e8d55eab4fdeb1fe604f5f0c50930532b7b4166251e2ce

  • SSDEEP

    12288:hWYaoA3uSHK7zFLpIa7/rXwBWfIt4zREuN/UMhWBge//Worn0k/O5z1f:M9uRRNVbrXwR4zRb6hBO5

  Score

  10^/10

  snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snakekeylogger family

    snakekeylogger

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2